lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87fy4u0xty.fsf@graviton.dyn.troilus.org>
Date:	Thu, 14 Jun 2007 22:13:13 -0400
From:	Michael Poole <mdpoole@...ilus.org>
To:	Daniel Hazelton <dhazelton@...er.net>
Cc:	Alexandre Oliva <aoliva@...hat.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Lennart Sorensen <lsorense@...lub.uwaterloo.ca>,
	Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>,
	"david\@lang.hm" <david@...g.hm>,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>, mingo@...e.hu
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

Daniel Hazelton writes:

> What rights did they give to "downstream" recipients of the "object code" 
> version? *EXACTLY* those they received from the GPLv2.

Doing the e-mail equivalent of yelling about this will not change the
fact that people who think Tivo did something wrong -- legally and/or
morally -- consider DRM locks on a piece of software to be part of the
"work based on the Program" that is governed by the GPL.

The fundamental reason for this is that neither the executable code
nor the digital signature serves the desired function alone.  The user
received a copy of the executable for a particular purpose: to run the
program on a particular platform.  With DRM signatures, only the
combination of program and signature will perform that function, and
separating the two based on strictly read legal definitions is risky.

The question of whether DRM signatures are covered by the license must
be resolved before one can determine whether Tivo gave "*EXACTLY*" the
same rights to object-code recipients as Tivo received.  GPLv2 is
worded such that the answer to this does not depend on whether one is
in file A and the other in file B, or whether one is on hard drive C
and the other is in flash device D, as long as they are delivered as
part of one unit; it *might* matter if, say, one is received on
physical media and the other is downloaded on demand.

(Linus likes to say that FSF counsel thinks that Tivo did not violate
GPLv2.  I suspect the actual situation is that FSF counsel believes
that there is no case law on point, and that it could go either way,
making it improper to publicly claim that Tivo violated any copyright.
Until a court rules on a close-enough case, the question of whether
GPLv2 covers DRM signatures remains open.  In the mean time, it makes
more sense for the FSF to issue a new license that squarely addresses
this -- such as the GPLv3 -- and persuade as many developers as
possible that using it is the best way to protect free software.)

Michael Poole
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ